After changing CRM to Claims Based authentication,OData service URL changes to https.Can it still be accessed using http? RRS feed

  • Question

  • Hi,

    I have a scenario where the CRM 2011  instance will be accessed by intranet and internet users.Currently the intranet users are accessing http URL of CRM . I have now  enabled claims based authentication on my CRM 2011 environment for the internet users  and they are able to access CRM through https URL. But when the intranet users use the http URL, all the javscripts throw error for the Odata service, as OData URL is now changed to https and in my earlier javscript code, I have used http URL (I am dynamically building it using  var odataSelect = window.location.protocol + "//" + window.location.host + "/" + Xrm.Page.context.getOrgUniqueName()
    + "/xrmservices/2011/OrganizationData.svc/SystemUserSet?$filter=SystemUserId eq guid'" + curUserId + "'";
     ).IIS,however has both http and https bindings and hence CRM opens fine with either of them,but javscripts are causing problems.

    Is there any way, I can make both http and https links work parallely? Since my intranet application has already gone live and many users are using it, I do not want to change the CRM URL to https for them as well and I want to retain the http URL for them. Deployment /Installation guide mentions that both can co-exist.

     I tried invoking https link of  Odata from my JS,but it still does not work , as the user has logged in on http CRM URL and invoking https does not acheive the purpose. Is there any wy to achieve this ?

    Thursday, March 7, 2013 7:53 AM

All replies

  • As far as I know, an http and https binding for CRM at the same time is not supported. The SDK or the implementation guide states that multiple bindings are not supported.  Did you change the web properties to https in the Deployment Manager?
    Tuesday, March 12, 2013 10:47 AM
  • If you access CRM by using the http URL you are using windows authentication over the internet which is not supported. On the intranet you will be fine.

    You can leave the http and https bindings on the website and it will work just fine. Anything connecting to the discovery service will need to use the https url however since that is required to be enabled in deployment manager. 

    Thursday, March 14, 2013 2:33 AM
  • Chris, I must disagree. Having http and https are not supported as per this article: http://technet.microsoft.com/en-us/library/hh699671.aspx#Claims_and_IFD_requirements

    Whilst in some circumstances things may still work, I recommend only having the https binding when IFD is configured.

    Thursday, March 14, 2013 6:47 AM
  • Overall, I'd recommend that you use https both for the intranet and internet users.

    There are two main issues with using a mix of the two:

    • The way the url is built for client script that accesses OData. The getServerUrl function will only return one url; you can use could as you posted above; alternatively UR 12 includes a getClientUrl function, which may resolve these issues
    • The Outlook client will only use one url (the one defined in Deployment Manager). If only one set (intranet or internet) users use the Outlook client, then you can get away with this, but you'd be limiting what you do in the future

    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    Thursday, March 14, 2013 11:03 AM
  • Have you ever tested this? It works. a HTTP binding and a HTTPs binding on the site work just fine.


    Thursday, March 14, 2013 11:43 PM
  • Not disputing that it might work, but according to the implementation guide more than one binding is not supported.

    Friday, March 15, 2013 12:07 AM